>>102441081
><button id="send">send post</button>
<script>
$("#send").click(function(){
$.post(
"/sql",
`INSERT INTO posts (content) VALUES (${$("#post").val()})`,
$("#success").show
)
}
)
</script>
I feel absolutely triggered.
I've spent the whole day rewriting JavaScript like this.
<button id="send">Send post</button>
<script>
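$('button#send').on('click', () => fetch('/sql', {
method: 'POST',
// The text of #post is interpolated straight into the statement sent to /sql
body: `
INSERT INTO posts (content)
VALUES (${$('#post').val()});`
}).then(() => $('#success').show())); // call show() on the jQuery object so `this` stays bound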
</script>
And I'm well aware of the prospect of an SQL injection attack; but sanitising
the query at this point will not resolve the underlying issue of arbitrary
people being able to send SQL statements directly into the database.
God, do I feel dumb and frustrated.
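Added example, not part of the post above: one way to address the underlying issue it names is to drop the `/sql` route, so the client sends only the post text and the server owns the single statement it will run. The `/posts` route, the `run(sql, params)` driver interface, the length limit and the fake database are assumptions made for illustration.

```javascript
// Hypothetical server-side handler for POST /posts (assumed route name).
// The statement text is a constant; the client can only supply the bound value.
const INSERT_POST = 'INSERT INTO posts (content) VALUES (?)';
const MAX_CONTENT_LENGTH = 2000; // assumed limit

// rawBody: request body as a string.
// db: any driver exposing run(sql, params) with bound parameters (assumed interface).
function createPost(rawBody, db) {
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch {
    return { status: 400, error: 'body must be JSON' };
  }
  const isObject = parsed !== null && typeof parsed === 'object' && !Array.isArray(parsed);
  const keys = isObject ? Object.keys(parsed) : [];
  if (keys.length !== 1 || keys[0] !== 'content' || typeof parsed.content !== 'string') {
    return { status: 400, error: 'expected {"content": string}' };
  }
  const content = parsed.content.trim();
  if (content.length === 0 || content.length > MAX_CONTENT_LENGTH) {
    return { status: 422, error: 'content length out of range' };
  }
  db.run(INSERT_POST, [content]); // value travels as a parameter, never as SQL text
  return { status: 201 };
}

// Constructed stand-in for a database driver: records each statement and
// stores the bound value as plain data.
function makeFakeDb() {
  const db = { statements: [], rows: [] };
  db.run = (sql, params) => {
    db.statements.push(sql);
    db.rows.push(params[0]);
  };
  return db;
}

// Constructed sample requests, including bodies shaped like the old /sql traffic.
function demo() {
  const db = makeFakeDb();
  const results = [
    createPost(JSON.stringify({ content: 'hello' }), db),
    createPost(JSON.stringify({ content: "'); DROP TABLE posts; --" }), db),
    createPost('DELETE FROM posts', db),
    createPost(JSON.stringify({ sql: 'DELETE FROM posts' }), db),
  ];
  return { statuses: results.map(r => r.status), statements: db.statements, rows: db.rows };
}
```

On the client, the body becomes `JSON.stringify({ content: $('#post').val() })` sent to the new route, and the database account behind it needs only INSERT on `posts`.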